git: 4f6edd4a4c2b - stable/13 - sctp: add KASSERTs to ensure correct handling of listeners

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Wed, 01 Feb 2023 23:25:41 UTC
The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f6edd4a4c2b5ba498f6997357e63e02ea489073

commit 4f6edd4a4c2b5ba498f6997357e63e02ea489073
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-06-27 17:04:45 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-02-01 23:24:28 +0000

    sctp: add KASSERTs to ensure correct handling of listeners
    
    This was suggested by markj@.
    
    (cherry picked from commit 121ecca0d82b4a5ccee1a8bb01e50b026a22bb3f)
---
 sys/netinet/sctp_usrreq.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 78ece9dd4641..d7a4d71760a8 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -452,13 +452,10 @@ sctp_abort(struct socket *so)
 		sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
 		    SCTP_CALLED_AFTER_CMPSET_OFCLOSE);
 		SOCK_LOCK(so);
+		KASSERT(!SOLISTENING(so),
+		    ("sctp_abort: called on listening socket %p", so));
 		SCTP_SB_CLEAR(so->so_snd);
-		/*
-		 * same for the rcv ones, they are only here for the
-		 * accounting/select.
-		 */
 		SCTP_SB_CLEAR(so->so_rcv);
-
 		/* Now null out the reference, we are completely detached. */
 		so->so_pcb = NULL;
 		SOCK_UNLOCK(so);
@@ -843,14 +840,22 @@ sctp_flush(struct socket *so, int how)
 		inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_CANT_READ;
 		SCTP_INP_READ_UNLOCK(inp);
 		SCTP_INP_WUNLOCK(inp);
+		SOCK_LOCK(so);
+		KASSERT(!SOLISTENING(so),
+		    ("sctp_flush: called on listening socket %p", so));
 		SCTP_SB_CLEAR(so->so_rcv);
+		SOCK_UNLOCK(so);
 	}
 	if ((how == PRU_FLUSH_WR) || (how == PRU_FLUSH_RDWR)) {
 		/*
 		 * First make sure the sb will be happy, we don't use these
 		 * except maybe the count
 		 */
+		SOCK_LOCK(so);
+		KASSERT(!SOLISTENING(so),
+		    ("sctp_flush: called on listening socket %p", so));
 		SCTP_SB_CLEAR(so->so_snd);
+		SOCK_UNLOCK(so);
 	}
 	return (0);
 }
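Review bot: For `PRU_FLUSH_RDWR` the socket lock is now taken and dropped twice, once around `SCTP_SB_CLEAR(so->so_rcv)` and once around `SCTP_SB_CLEAR(so->so_snd)`. The two resets are therefore not a single atomic step with respect to other socket-lock holders, and the identical KASSERT is evaluated twice. If that is intentional, a short comment on the first `SOCK_LOCK(so)` would help, e.g. `/* SOCK_LOCK covers SOLISTENING() and the sockbuf reset; each direction is handled independently. */`. In the write branch, the existing "make sure the sb will be happy" comment now sits above the lock and assertion rather than the clear it describes, and would read better directly above `SCTP_SB_CLEAR(so->so_snd)`. The start of sctp_flush is outside the hunk, so the condition guarding the first branch is not visible.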